Documentation
Overview
Package keyshare provides functions that encrypt and decrypt data and split keys.
Index
- Constants
- func DecryptFile(plaintextFile, ciphertextFile, shareFilePrefix string, shareCount int, ...) error
- func EncodeToBase64(ciphertextFile, shareFilePrefix string, ciphertext []byte, shares [][]byte) error
- func EncodeToQR(ciphertextFile, shareFilePrefix string, ciphertext []byte, shares [][]byte) error
- func EncryptAndShare(sharer ByteSharer, plaintext []byte) ([]byte, [][]byte, error)
- func EncryptFile(plaintextFile string, sharer ByteSharer) ([]byte, [][]byte, error)
- func ReassembleAndDecrypt(sharer ByteSharer, authenticatedCiphertext []byte, shares [][]byte) ([]byte, error)
- type AuthCiphertext
- type ByteSharer
- type Ciphertext
Constants
const (
	XOR byte = iota
	Threshold
)
These constants represent the supported types of secret sharing.
Functions
func DecryptFile
func DecryptFile(plaintextFile, ciphertextFile, shareFilePrefix string, shareCount int, sharer ByteSharer) error
DecryptFile takes in the name of an output file, a file to decrypt, and a share-file prefix. It decrypts the encrypted file into the output file or reports an error. The shares must be named starting with the shareFilePrefix and numbered from 0. For example, if the prefix is "s" and the shareCount is 4, then the files must be s0, s1, s2, and s3.
func EncodeToBase64
func EncodeToBase64(ciphertextFile, shareFilePrefix string, ciphertext []byte, shares [][]byte) error
EncodeToBase64 creates a base64 representation of the ciphertext and shares and writes them to files. The share files are of the form shareFilePrefix[0-9]+.
func EncodeToQR
EncodeToQR creates a QR-code representation of the ciphertext and shares and writes them to PNG files. The share files are of the form shareFilePrefix[0-9]+.png. The files must be decoded by an external QR decoder before being passed to DecryptFile. Encoding to QR codes is used here to add a Reed-Solomon error-correcting code and to make it easier to get a printed version of the code back into digital form.
func EncryptAndShare
func EncryptAndShare(sharer ByteSharer, plaintext []byte) ([]byte, [][]byte, error)
EncryptAndShare generates a fresh key, uses it to encrypt the plaintext, shares the key, zeroes it, and returns the ciphertext and the key shares to be distributed.
func EncryptFile
func EncryptFile(plaintextFile string, sharer ByteSharer) ([]byte, [][]byte, error)
EncryptFile takes in the name of a file to encrypt, an output file for the ciphertext, a share-file prefix for the shares, and the number of shares to create, and creates a file encrypted with a fresh key. This key is then shared into shareCount pieces.
func ReassembleAndDecrypt
func ReassembleAndDecrypt(sharer ByteSharer, authenticatedCiphertext []byte, shares [][]byte) ([]byte, error)
ReassembleAndDecrypt reassembles a key from a set of shares and uses this key to authenticate and decrypt a ciphertext.
Types
type AuthCiphertext
type AuthCiphertext struct {
	// gob-encoded Ciphertext that is hmac'd in the hmac field.
	Ciphertext []byte
	Hmac       []byte
}
An AuthCiphertext combines a ciphertext with an integrity check in the form of an HMAC computed over the gob-encoded Ciphertext.
type ByteSharer
type ByteSharer interface {}
A ByteSharer shares and reassembles a byte stream.
func NewThresholdSharer
func NewThresholdSharer(t, n int) (ByteSharer, error)
NewThresholdSharer produces a ByteSharer that performs Shamir's threshold secret-sharing scheme.
func NewXORSharer
func NewXORSharer(n int) (ByteSharer, error)
NewXORSharer creates an (n, n) secret sharer.
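What "(n, n)" means for key custody can be seen with a plain XOR split. This is an added example, not the keyshare package's own code: xorSplit and xorCombine are hypothetical helpers, and the key is a constructed sample value.

```go
package main

import (
	"crypto/rand"
	"fmt"
)

// xorSplit (hypothetical helper) returns n-1 random pads plus secret XOR all pads.
func xorSplit(secret []byte, n int) ([][]byte, error) {
	if n < 2 {
		return nil, fmt.Errorf("n = %d: need at least 2 shares", n)
	}
	shares := make([][]byte, n)
	last := append([]byte(nil), secret...)
	for i := 0; i < n-1; i++ {
		shares[i] = make([]byte, len(secret))
		if _, err := rand.Read(shares[i]); err != nil {
			return nil, err
		}
		for j := range last {
			last[j] ^= shares[i][j]
		}
	}
	shares[n-1] = last
	return shares, nil
}

// xorCombine XORs the shares; the result is the secret only if all n are present.
func xorCombine(shares [][]byte) ([]byte, error) {
	if len(shares) == 0 {
		return nil, fmt.Errorf("no shares supplied")
	}
	out := make([]byte, len(shares[0]))
	for _, s := range shares {
		if len(s) != len(out) {
			return nil, fmt.Errorf("share length %d, want %d", len(s), len(out))
		}
		for j := range out {
			out[j] ^= s[j]
		}
	}
	return out, nil
}

func main() {
	shares, _ := xorSplit([]byte("constructed sample key"), 4) // constructed input
	all, _ := xorCombine(shares)
	part, _ := xorCombine(shares[:3]) // one share missing: random-looking bytes
	fmt.Printf("all 4: %q\nonly 3: %x\n", all, part)
}
```

Losing any single share makes the key unrecoverable, which is the availability trade-off against a threshold scheme such as the one NewThresholdSharer provides.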
type Ciphertext
A Ciphertext is an IV combined with a value encrypted using this IV.